I am using Norton's Personal Firewall on a WinXP Home computer. Lately, I have been getting a warning that the firewall has blocked an HTTP_ActivePerl_Overflow attack coming from 127.0.0.1. Norton Antivirus (which is up to date) comes up negative, as does AdAware, and Spybot.

I get this message several times a day. Any help would be appreciated.

Thanks.

Do you have Windows Messenger service turned off? (Not the MSN Messenger)
If not, messages might not actually be from Norton.

Originally posted by HewittC4
...HTTP_ActivePerl_Overflow attack coming from 127.0.0.1.


Curiouser and curiouser said Alice!

127.0.0.1 is the "loopback" address; i.e. your computer. From this message, I would suspect a bug in Norton, or an incorrect setting somewhere.

That is, unless you are a masochist, and are actually attacking yourself! :D

David

Windows Messenger is turned off. The Norton Quicklaunch icon gets a flashing red ! to tell me that there is an alert. This is coming from the firewall itself, not from a popup window.

I know that this is the loopback address. My worry is that the recent Blaster worm had an error in it's programming that made it attack the loopback address. My virus definitions are up to date, and I recently did a fresh install on WinXP. :confused:

You may want to read this page at Symantec (http://securityresponse.symantec.com/avcenter/nis_ids/sigs/http_activeperl_overflow.html), take note of the ActivePerl version indicated, and the false positive note.